6

I need to forward an UDP port range to a specific private IP address in my LAN.

In order to forward one port to an internal IP I do:

access-list <acc_list_number> permit <port_type> any any eq <port_number>
ip nat inside source static <port_type> <internal_IP> <port_number> interface <outside_interface> <port_number>

However, I run into problems when I need to forward a range of ports, such as UDP 40000-42000 to a single internal IP.

I tried this command:

ip nat pool voice 192.168.0.50 192.168.0.50 netmask 255.255.255.0 type rotary
access-list 102 permit udp any any range 40000 42000
ip nat inside destination list 102 pool voice

But it seems to only work with TCP ports and not UDP ones.

What's the best way to forward an UDP port range?

Bulki
  • 2,363
  • 7
  • 25
  • 43
eldblz
  • 206
  • 2
  • 8
  • Rotary is used when you want to "load balance" several inside servers by handing out different inside locals for the same inside global address. – Daniel Dib May 25 '13 at 11:39
  • Did any answer help you? if so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could provide and accept your own answer. – Ron Maupin Aug 08 '17 at 14:06
  • The answer didn't help me, unfortunately the problem is still unsolved i'm afraid it's not possibile on Cisco – eldblz Aug 09 '17 at 19:35

1 Answers1

3

Try

ip nat inside source static <internal_IP> <external_IP> route-map MOO
!
route-map MOO permit 100
  match ip address 102
route-map MOO deny 200
!

I feel your own example probably should work, at least I couldn't immediately think of why not, so might be bug.

Review CCO Document for the command, namely:

Only IP hosts that are part of the route-map configuration will allow outside sessions.

ytti
  • 9,776
  • 42
  • 53
  • This does not work. this will allow access to all ports 192.168.1.10 from external ip of 10.10.10.1 ip nat inside source static 192.168.1.10 10.10.10.1 route-map MOO ! route-map MOO permit 100 match ip address 102 route-map MOO deny 200 ! – Luna Jul 05 '13 at 20:10